You need to start off updating your cmdlets, there is a much later version out.

Once that is done, please paste the command you are running

Thank you for answering.

I do not agrree. This version is from 11/2019 (9.7). Where do you find a newer one?

I'm confused, are you saying ontap 9 9.7 and powershell toolkit 3.1 or powershell toolkit 9.7

Either way, paste your command

Can you share the output of the following commands? 

From the ONTAP CLI - "export-policy rule show -vserver <your SVM> -policyname default

From PowerShell - "(Get-NcNfsExport -VserverContext <your SVM> -Path /).SecurityRules"

We should be able to figure out from there what's going on - thanks!   

Sorry, here the version information:

ONTAP 9.3P1

PSTK 9.6 (Installfile was named NetApp_PowerShell_Toolkit_9.7.0.msi, OntapiPS.dll 14.11.2019, Product Version 9.7.0.0)

the command I used is

Get-NcNfsExport -VserverContext svm_xxxxx_nfs | select -ExpandProperty securityrules

First output is this (edited):

Pathname SecurityRules
-------- -------------
/ {False, False, False, False...}

Anon : 65534
NcController : clustername
Nosuid : False
ReadOnly : {several IP addresses and networks...}
ReadWrite : {several IP addresses and networks...}
Root : {several IP addresses and networks...}
SecFlavor : {sys}
NosuidSpecified : True

Wrong are the entrys at ReadWrite and Root. They have to be empty.

here is the CLI output (RW Access Rule: never):

Your "Superuser Security Types" for that rule index is set to "Any", so the "Root" output is correct based on how that portion of the rule is set up currently. However, it does look like the output is incorrect when the rwrule setting is set to "never" for some reason. In my lab, when I duplicated your policy but set the rwrule to "none", it returned a null value for the "ReadWrite" property. 

I tested it in the actual ZAPI call too and it is incorrect there as well. Looks like a bug of some sort.